Security Think Tank: How to evolve SecOps capacity

Businesses are changing at a rapid rate as they move into the cloud, leaving many security operations and staff struggling to keep up with the risks. Incident monitoring and management, for example, along with other traditional resilience measures, are becoming a weak area for companies, with many not necessarily developing the knowhow to cope with the threats to their increasingly complex and dynamic infrastructures. Although automation is a tool that can help companies catch up and manage a growing workload, it is not the starting point.

Security operations must be enabled to develop with a much deeper understanding of how their businesses are changing. Cloud computing is underpinning wholesale digital transformation for companies, and a significant shift in operational risk. Evolving security operations therefore begins with a review of how business risks are managed, and the technology-related aspects are prioritised. Security operational teams can evolve their capacity in three stages: 

1. Engage in proper discussion

This must be a cross-functional comprehensive review of how operational risks are changing, and the increasing reliance on digital capability within the business. It must be a collaborative, a two- or even three-way discussion where business people can talk competently about their functional requirements and ambitions, technical teams can inject their understanding of how systems will evolve to support them, and security teams can actively work to anticipate vulnerabilities and threats.

2. Set priorities within the context of business requirements

This is about identifying what is required to keep the core functions within the business running, and understanding the threats with the potential to deliver the greatest impact on the health of the business. Organisations today manage for other high-profile risks, including succession planning, power cuts, flu pandemics, and the like. Cyber security risks must rise to this level, where the conversation is granular enough to reveal what is important relative to the business.

3. Develop the capacity to address the priorities.

Breaches are an inevitable part of what must be managed in business today. Security operations therefore need to evolve as a business, not just technical support. The development of new skills may be needed – many vulnerabilities and threats in the cloud are similar to preceding infrastructures, but there are differences to be accounted for. Operations will need to understand these and be able to competently assess, develop or commission current technical solutions – including those that build in levels of automation – with a clear understanding of the business benefit. Also, given the day-to-day inevitability of cyber attacks, incident management and response planning should become a priority with engagement, and the right level of commitment from the relevant people.

Overall, what may be most important will be to ensure that the evolution of security operations becomes an iterative process. All relevant teams must be able to continually engage in the conversations needed to keep pace with change.